i have an application which i developed on my local machine win7, iis7
which does something like this:
- deny all anonymous users on all root pages
- and redirect them to login
- they will be able to access the root pages after logging in.
- It uses forms authentication to log the user in.
it is structured as an subapplication in a website
eg /mywebsite/myapplication
related web.config employed with sensitive data taken out:
<system.web>
<authentication mode="Forms">
<forms
loginUrl="http://mywebsite/login.aspx"
timeout="15"
defaultUrl="~/Default.aspx"
cookieless="UseCookies"
slidingExpiration="true"
path="/" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
It works nicely on my dev machine. But when I move it to my prod machine of winserver2003 and iis6, it stop working as supposed.
it stop redirecting to the login page specified in the forms section. it simply allowed users to visit pages in my subapp.
eg mywebsite/subapplication/default.aspx
There should be no change to this section of the webconfig when I move from iis7 to iis6 right? Or is there something else I need to do in the IIS6 configs of "mywebsite" and "subapplication"?
When I view the authorization rules of my "subapplication" in the asp.net GUI from IIS6 it says:
Inherited: Allow = "*"
Local: Deny = "?"
Authorization rules of "mywebsite" shows:
Inherited: Allow = "*"
Local: < nothing >